--- title: Configuring email ownership verification options description: Based on your customer IAM use cases, you can optionally offer users the opportunity to confirm the ownership of the email address associated with their accounts. This configuration can be configured on a per-local identity profile basis. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:pf_configuring_email_ownership_verification_options canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/pf_configuring_email_ownership_verification_options.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 10, 2024 section_ids: about-this-task: About this task steps: Steps --- # Configuring email ownership verification options Based on your customer IAM use cases, you can optionally offer users the opportunity to confirm the ownership of the email address associated with their accounts. This configuration can be configured on a per-local identity profile basis. ## About this task Using the administrative console, configure the email ownership verifications settings for a local identity profile. If you enable email ownership verification, when a user submits a registration request, PingFederate sends an email ownership verification message to the email address. The message is valid for a configurable period. If the user cannot find the message, they can request another one by accessing the email ownership verification endpoint. Moreover, if you enable profile management, the profile management page displays a reminder until the user verifies the email address. Like other local identity fields, the email verification status is stored in the directory and can be relayed to the applicable target applications through identity provider (IdP) authentication policies. ## Steps 1. Go to **Authentication > Policies > Local Identity Profiles**. 2. On the **Email Verification** tab, select the **Enable Email Ownership Verification** checkbox to offer users the opportunity to verify the email address associated with their accounts. The **Email Verification** tab appears only when you select the **Enable Registration** checkbox or the **Enable Profile Management** checkbox on the **Profile Info** tab. The **Enable Email Ownership Verification** checkbox is not selected by default. | | | | - | -------------------------------------------------------------------------------------- | | | The rest of the steps apply only if you select to enable email ownership verification. | 3. In the **Email Address Field** list, select a field. The field value represents the recipient of the verification message. Only fields that use the **Email** or **Text** input control are eligible and shown. 4. In the **Ownership Status Field** list, select a field. The field value represents the email ownership verification status. PingFederate sets the value to `false` in the directory when it receives a new or an updated email address from the user. After the user verifies the email ownership, PingFederate sets the value to `true`. Only fields that use the **Hidden** input control are eligible and shown. 5. To verify emails with one-time passcodes, which is the default option: 1. Set the **Email Verification Type** to **One-Time Passcode**. 2. (Optional) Change any of the values in the following fields: * **One-Time Passcode Length** * **One-Time Passcode Retry Attempts** * **Allowed One-Time Passcode Character Set** * **One-Time Passcode Lifetime** ![yti1637703930563](_images/yti1637703930563.png) 6. To verify emails with one-time links: 1. Set the **Email Verification Type** to **One-Time Link**. 2. (Optional) Change the length of the **One-Time Link Lifetime**. ![get1637703980711](_images/get1637703980711.png) 7. (Optional) To use different template files, update the template fields. The template files are in the `/pingfederate/server/default/conf/template` directory and the `/pingfederate/server/default/conf/template/mail-notifications` directory. | | | | - | ------------------------------------------------------------------------------------------------------------------------- | | | The email templates are only applicable when using an SMTP notification publisher to deliver email-verification messages. | 8. Select a **Notification Publisher** instance. If you haven't yet [configured the desired notification publisher instance](help_notificationsendertasklet_notificationsendermanagementstate.html), click **Manage Notification Publishers**, configure the instance, and then select it. 9. (Optional) To require users to verify their email address ownership before they can access any connected applications: 1. Select the **Require Verified Email** checkbox. 2. (Optional) If the **Email Verification Type** is set to **One-Time Link**, you can specify a different template in the **Require Verified Email Template** field. The default template gives users options to **Resend** the verification email, **Continue**, or **Cancel**. The **Require Verified Email Template** field appears only after you select the **Require Verified Email** checkbox. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you select the **Require Verified Email** checkbox, users can sign on to their local identity profile and manage their account but PingFederate blocks them from accessing any connected applications until they have successfully verified their email address.To let users manage their accounts, select the **Enable Profile Management** checkbox on the **Profile Info** tab, as described in [Configuring local identity profiles](pf_configuring_local_identity_profiles.html). | 10. Click **Next**.